
Fix bounds-checking in policy_summarize

Found by piebeer.
Robert Ransom 13 years ago
parent
commit
43414eb988
2 changed files with 8 additions and 2 deletions
  1. 6 0
      changes/policy_summarize-assert
  2. 2 2
      src/or/policies.c

+ 6 - 0
changes/policy_summarize-assert

@@ -0,0 +1,6 @@
+  o Major bugfixes (security)
+    - Fix a bounds-checking error that could allow an attacker to
+      remotely crash a directory authority.  Found by piebeer.
+      Bugfix on 0.2.1.5-alpha.
+
+

+ 2 - 2
src/or/policies.c

@@ -1209,8 +1209,8 @@ policy_summarize(smartlist_t *policy)
   accepts_str = smartlist_join_strings(accepts, ",", 0, &accepts_len);
   rejects_str = smartlist_join_strings(rejects, ",", 0, &rejects_len);
 
-  if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN &&
-      accepts_len > MAX_EXITPOLICY_SUMMARY_LEN) {
+  if (rejects_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("reject")-1 &&
+      accepts_len > MAX_EXITPOLICY_SUMMARY_LEN-strlen("accept")-1) {
     char *c;
     shorter_str = accepts_str;
     prefix = "accept";
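Review bot: The two new thresholds in the `if` repeat the arithmetic `MAX_EXITPOLICY_SUMMARY_LEN-strlen(...)-1` with no comment saying what the `-1` reserves, so the next reader cannot tell whether the bound is exact or off by one again. I would compute it once, as `const size_t max_list_len = MAX_EXITPOLICY_SUMMARY_LEN - strlen("accept") - 1; /* room for the prefix plus, presumably, one separator byte */`, and compare both `rejects_len` and `accepts_len` against `max_list_len`. policy_summarize starts and ends outside this hunk, so the truncation and any final length check are not visible here. If they compute their own budget, they should use the same value, because the changes entry indicates that a mismatch is remotely triggerable as a crash on a directory authority. A regression test with list lengths at the budget, one byte over it, and at `MAX_EXITPOLICY_SUMMARY_LEN` would pin the boundary.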